<?php
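// Direct-access guard: this file must only run when the OK constant is defined
// (presumably by the including entry script - confirm). header() alone does not
// stop execution, so without exit the POST/delete handlers below would still be
// evaluated on a direct request.
if (!defined("OK")) { header("location: ?"); exit; }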

/* MySQL table
CREATE TABLE `kom` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`kid` INT NOT NULL DEFAULT '0',
`pid` INT NOT NULL DEFAULT '0',
`zinute` TEXT NOT NULL ,
`nick` CHAR( 50 ) NOT NULL ,
`nick_id` INT NOT NULL DEFAULT '0',
`data` DATETIME NOT NULL DEFAULT '0000-00-00 00:00'
) ENGINE = MYISAM ;
*/

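/**
 * Renders the "write a comment" panel and the 50 newest comments for one item.
 *
 * The page is taken from the global $url['id'] (column `pid`) and the item from
 * $id (column `kid`). Nothing is rendered unless both pass isnum() and are > 0.
 * When LEVEL is defined the posting form is shown through hide(); otherwise a
 * login/registration hint is shown instead. Comments are handed to lentele()
 * only when at least one row was found.
 *
 * @param int|string $id   Item id the comments belong to.
 * @param bool       $hide Passed through as the third argument of hide() for the form panel.
 * @return void
 */
function komentarai($id,$hide=false) {
	global $url;
	if (isset($url['id']) && isnum($url['id']) && $url['id'] > 0 && isnum($id) && $id > 0) {
		if (defined("LEVEL")) {
			// $id has passed isnum() above, so it is written into the hidden field as-is.
			$text = "
			<center>
			<form name=\"n_kom\" id=\"n_kom\" action=\"\" method=\"post\">
				".bbs('n_kom')." <textarea name=\"n_kom\" rows=5 cols=40 wrap=\"on\"></textarea><br/>
				<input type=\"hidden\" name=\"id\" value=\"".$id."\">
				<input type=\"submit\" name=\"Naujas\" value=\"Siųsti\">
			</form>
			</center>";
			hide("Parašyk komentarą",$text,$hide);
		}
		else { hide("Parašyk komentarą","Nori parašyti atsiliepimą ar komentarą? tai prisijunk arba <a href='?id,41'>prisiregistuok</a>.",false,"Tik nariams"); }

		// The sub-select pulls the author's e-mail (used only for the Gravatar hash).
		// Both ids are validated above; escape() is the project's SQL quoting helper.
		$sql = mysql_query1("SELECT *, (SELECT `email` FROM `".LENTELES_PRIESAGA."users` WHERE `".LENTELES_PRIESAGA."kom`.`nick_id`=`id`) AS email FROM `".LENTELES_PRIESAGA."kom` WHERE kid = ".escape($id)." AND pid = ".escape((int)$url['id'])." ORDER BY `data` DESC LIMIT 50");
		$text = "";
		while ($row = mysql_fetch_assoc($sql)) {
			// nick is member-chosen text that ends up in element content and in an
			// href attribute, so it is HTML-encoded (quotes included). double_encode
			// is off so a value that was stored already encoded is not encoded twice.
			$nick = htmlspecialchars($row['nick'], ENT_QUOTES, 'UTF-8', false);
			// Gravatar hashes the trimmed, lower-cased address; the cast covers a NULL
			// e-mail when the sub-select finds no user row.
			// NOTE(review): the avatar and its default image are requested over plain
			// http, which browsers block or flag on an HTTPS page - confirm and switch.
			$avataras = md5(strtolower(trim((string)$row['email'])));

			$text .= "<div class=\"title\"><a href=\"#".$row['id']."\" name=\"".$row['id']."\" id=\"".$row['id']."\"><img src=\"images/icons/bullet_black.png\" alt=\"#\" class=\"middle\" border=\"0\"></a> ";
			// Delete link is offered only above LEVEL 20; the handler re-checks the level.
			if (defined("LEVEL") && LEVEL > 20) { $text .= "<a href='".url("dk,".$row['id']."")."' onclick=\"return confirm('Ar tikrai norite trinti?') \">[d]</a> "; }
			$text .= "<a href='?id,47;m,".$row['nick_id']."'>".$nick."</a> ";
			// No private-message icon next to the viewer's own comments.
			if (defined("LEVEL") && $_SESSION['username'] != $row['nick']) { $text .= "<a href='?id,45;n,1;u,".$nick."'><img src='images/pm/mail.png' alt='mail' border='0'/></a> "; }
			// The message goes through input() -> wrap(80) -> bbchat() -> smile() and is
			// emitted once; an earlier revision also printed a second copy inside an
			// HTML comment, which doubled the markup for no visible effect.
			$text .= " (".$row['data'].") ".naujas($row['data'],$row['nick'])."</div>
			<blockquote><table><tr valign='top'><td><div class='avataras'><img width='40' src='http://www.gravatar.com/avatar.php?gravatar_id=".$avataras."&amp;default=".urlencode('http://www.mrcbug.com/images/avatars/no_image.jpg')."&amp;size=40' alt='kauke'/></div></td><td>".smile(bbchat(wrap(input($row['zinute']),80)))."</td></tr></table></blockquote>";
		}
		if (!empty($text)) { lentele("Komentarai",$text); }
	}
}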

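// Store a new comment when the form was submitted for a known page. The condition
// is deliberately long: every value that reaches the INSERT is checked first.
//  - n_kom must be a non-empty string (an array-valued field is rejected),
//  - the item id and the page id must both pass isnum(), matching what komentarai() requires,
//  - the visitor must be logged in (LEVEL > 0 and a session username).
// NOTE(review): the form carries no anti-CSRF token, so any site can make a
// logged-in member's browser submit this POST; add a per-session token to the
// form and verify it here.
if (!empty($_POST['n_kom']) && is_string($_POST['n_kom']) && !empty($_POST['Naujas']) && $_POST['Naujas'] == "Siųsti" && !empty($_POST['id']) && isnum($_POST['id']) && isset($url['id']) && isnum($url['id']) && $url['id'] > 0 && defined("LEVEL") && LEVEL > 0 && !empty($_SESSION['username'])) {
	// One point for the author, matched on both nick and id.
	mysql_query1("UPDATE `".LENTELES_PRIESAGA."users` SET taskai=taskai+1 WHERE nick=" . escape($_SESSION['username']) ." AND `id` = " . escape($_SESSION['id']) ."");
	mysql_query1("INSERT INTO `".LENTELES_PRIESAGA."kom` (`kid`, `pid`, `zinute`, `nick`, `nick_id`, `data`) VALUES (".escape($_POST['id']).", ".escape((int)$url['id']).", ".escape($_POST['n_kom']).", ".escape($_SESSION['username']).", ".escape($_SESSION['id']).", NOW())");
	// Read the new row id right after the INSERT, before anything else touches the connection.
	$kom_naujas_id = mysql_insert_id();

	// Referer is a client-supplied header and may be missing: follow it only when it
	// points back at this host, otherwise fall back to the site root.
	$kom_atgal = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	$kom_ref_host = $kom_atgal !== '' ? parse_url($kom_atgal, PHP_URL_HOST) : null;
	$kom_sis_host = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
	if (!is_string($kom_ref_host) || $kom_sis_host === '' || strcasecmp($kom_ref_host, $kom_sis_host) !== 0) { $kom_atgal = '?'; }

	header("location: ".$kom_atgal."#".$kom_naujas_id);
	// Stop here so the rest of the page is not processed after the redirect.
	exit;
}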

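// Delete a comment. Allowed only above LEVEL 20 and only with numeric dk (comment id)
// and id (page id) values in $url.
// NOTE(review): this is a state-changing GET request with no anti-CSRF token; the
// confirm() on the [d] link is client-side only. Move the action to POST and verify
// a per-session token before deleting.
if (isset($url['dk']) && isnum($url['dk']) && $url['dk'] > 0 && isset($url['id']) && !empty($url['id']) && isnum($url['id']) && defined("LEVEL") && LEVEL > 20) {
	$id = (int)$url['dk'];
	$sql = mysql_fetch_assoc(mysql_query1("SELECT nick, nick_id FROM `".LENTELES_PRIESAGA."kom` WHERE id=".escape($id)." LIMIT 1"));
	// Touch the database only when the comment exists; a repeated or stale link would
	// otherwise index into false and run the UPDATE with empty values.
	if ($sql) {
		// Take back the point the author received for this comment.
		mysql_query1("UPDATE `".LENTELES_PRIESAGA."users` SET taskai=taskai-1 WHERE nick=" . escape($sql['nick']) ." AND `id` = " . escape($sql['nick_id']) ."");
		mysql_query1("DELETE FROM `".LENTELES_PRIESAGA."kom` WHERE id=".escape($id)." LIMIT 1");
	}
	unset($id);

	// Referer is a client-supplied header and may be missing: follow it only when it
	// points back at this host, otherwise fall back to the site root.
	$kom_atgal = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	$kom_ref_host = $kom_atgal !== '' ? parse_url($kom_atgal, PHP_URL_HOST) : null;
	$kom_sis_host = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
	if (!is_string($kom_ref_host) || $kom_sis_host === '' || strcasecmp($kom_ref_host, $kom_sis_host) !== 0) { $kom_atgal = '?'; }

	header("location: ".$kom_atgal."");
	// Stop here so the rest of the page is not processed after the redirect.
	exit;
}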
?>
